Add to collection(s) Add to saved
  1. Math
  2. Linear Algebra

Managing Costs and Variability of Security Services

advertisement 
Managing Costs and Variability of Security Services
Evie Spyropoulou, Cynthia Irvine, Tim Levin and Bruce Allen
Center for INFOSEC Studies and Research
Naval Postgraduate School
[eviespy | irvine | levin | ballen] @cs.nps.navy.mil
When an application is submitted for execution in a network, where geographically
distributed, heterogeneous resources are available, a Quality of Service (QoS) middleware
mechanism can be used to intermediate and schedule the application for execution. In our
research we are working on including security as a dimension of QoS. Quality of Security Service
(QoSS) is enabled when users or network tasks are presented with variable levels of security
services and requirements, from which the desired level for the security dimension can be
selected.
Furthermore if a particular security mechanism is “fixed” (i.e., always applied) then the
overhead for the mechanism is part of the normal cost of running the task and the normal costing
mechanism used by the QoS control mechanism will suffice. For variant security mechanisms,
however, the security overhead will vary, depending on the security vector of the user’s QoS
request. The middleware must have access to detailed information about the resource costs for
each variant security mechanism.
We are working on a QoSS costing demonstration. In this approach we use a model for tasks,
that incorporates the ideas of variant security services and value ranges for the security attributes.
We additionally take into account an operational mode parameter (e.g. normal, impacted,
emergency), because network status could influence the security policy and security services
applicable to the task: for example under certain conditions, a user or administrator may be
willing to accept more (or less) security for a given application. Users are presented with a
simplified abstraction of security, in the form of security level choices, such as “high”,
“medium”, “low”, and these selections are mapped to detailed mechanism invocations via a
translation matrix.
To quantify the costs related to a task’s security requests, we use a costing framework (based
on a security service taxonomy) with cost expressions relative to every security service invoked
by the task. Each service may access various resources, e.g. CPU, memory and bandwidth. We
discriminate between start-up and streaming costs. The calculated costs can then be fed to a
middleware QoS mechanism for use in its resource allocation and scheduling decisions.
Current research involves linking QoSS conditions to underlying security mechanisms. IPSec
provides various choices for the characteristics of the Security Associations (SAs) that can be
established between two entities that wish to communicate. As a proof of concept we are working
with modulation of IPSec variables to supply QoSS. Using the IKE protocol and the KeyNote
trust management system, we can regulate SA parameters like encryption and hash algorithms,
key lengths, SA life times, based on policy decisions that account for the application, system
operational mode, and desired security level. We plan to conduct experiments and measurements
to help us understand the impact of QoSS on the performance of applications under various
network operational modes and high level policies.
Related documents
Applying Feedback Control to QoS management
Applying Feedback Control to QoS management
The system shall support an arbitrary set variety of traffic classes that
The system shall support an arbitrary set variety of traffic classes that
Cisco Catalyst® QoS: Quality of Service in Campus
Cisco Catalyst® QoS: Quality of Service in Campus
ppt
ppt
Level 2 Certificate in Accounting
Level 2 Certificate in Accounting
Book Schedule (Through Quiz 1)
Book Schedule (Through Quiz 1)
Managing Cross-Cutting QoS Issues in MULTE Middleware
Managing Cross-Cutting QoS Issues in MULTE Middleware
Managing Cross-Cutting QoS Issues in MULTE Middleware
Managing Cross-Cutting QoS Issues in MULTE Middleware
Safe Specialization of the LwCCM
Safe Specialization of the LwCCM
Enabling Flexible QoS Support in the Object Request Broker COOL
Enabling Flexible QoS Support in the Object Request Broker COOL
A QoS-based Dynamic Scheduling Middleware of Wireless Multimedia Sensor Networks chun
A QoS-based Dynamic Scheduling Middleware of Wireless Multimedia Sensor Networks chun
Tools for Continuously Evaluating Distributed System Qualities
Tools for Continuously Evaluating Distributed System Qualities
MODELLING FOR QUALITY OF SERVICES IN DISTRIBUTED GEOPROCESSING
MODELLING FOR QUALITY OF SERVICES IN DISTRIBUTED GEOPROCESSING
QoS-aware Mobile Middleware for Video Streaming Sten L. Amundsen, Ketil Lund
QoS-aware Mobile Middleware for Video Streaming Sten L. Amundsen, Ketil Lund
QoS Framework: Architecture for Providing Subjective QoS in Low-quality Connection Ratna Wardani
QoS Framework: Architecture for Providing Subjective QoS in Low-quality Connection Ratna Wardani
Towards Scalable and Affordable Content Distribution Services Pi1
Towards Scalable and Affordable Content Distribution Services Pi1
QoS-LI: QoS Loss Inference in Disadvantaged Networks
QoS-LI: QoS Loss Inference in Disadvantaged Networks
Enabling Flexible QoS Support in the Object Request Broker COOL Abstract
Enabling Flexible QoS Support in the Object Request Broker COOL Abstract
Model-Driven Methodology for Building QoS-Optimised Web Service Compositions Roy Grønmo
Model-Driven Methodology for Building QoS-Optimised Web Service Compositions Roy Grønmo
Power-Aware Computing with Dynamic Knobs Computer Science and Artificial Intelligence Laboratory
Power-Aware Computing with Dynamic Knobs Computer Science and Artificial Intelligence Laboratory
Dynamic Knobs for Responsive Power-Aware Computing
Dynamic Knobs for Responsive Power-Aware Computing
Service Planning in a QoS-aware Component Architecture
Service Planning in a QoS-aware Component Architecture
Download
advertisement